@dcyfr/ai 1.0.3 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +106 -0
- package/LICENSE +27 -1
- package/README.md +720 -9
- package/dist/ai/agents/agent-loader.d.ts +12 -0
- package/dist/ai/agents/agent-loader.d.ts.map +1 -1
- package/dist/ai/agents/agent-loader.js +74 -65
- package/dist/ai/agents/agent-loader.js.map +1 -1
- package/dist/ai/agents/agent-registry.d.ts +2 -0
- package/dist/ai/agents/agent-registry.d.ts.map +1 -1
- package/dist/ai/agents/agent-registry.js +15 -14
- package/dist/ai/agents/agent-registry.js.map +1 -1
- package/dist/ai/agents/agent-router.d.ts +20 -5
- package/dist/ai/agents/agent-router.d.ts.map +1 -1
- package/dist/ai/agents/agent-router.js +89 -43
- package/dist/ai/agents/agent-router.js.map +1 -1
- package/dist/ai/agents/index.d.ts +6 -1
- package/dist/ai/agents/index.d.ts.map +1 -1
- package/dist/ai/agents/index.js +9 -3
- package/dist/ai/agents/index.js.map +1 -1
- package/dist/ai/agents/instruction-template.d.ts +45 -0
- package/dist/ai/agents/instruction-template.d.ts.map +1 -0
- package/dist/ai/agents/instruction-template.js +197 -0
- package/dist/ai/agents/instruction-template.js.map +1 -0
- package/dist/ai/agents/persona-resolver.d.ts +90 -0
- package/dist/ai/agents/persona-resolver.d.ts.map +1 -0
- package/dist/ai/agents/persona-resolver.js +121 -0
- package/dist/ai/agents/persona-resolver.js.map +1 -0
- package/dist/ai/agents/schema.d.ts +166 -0
- package/dist/ai/agents/schema.d.ts.map +1 -0
- package/dist/ai/agents/schema.js +94 -0
- package/dist/ai/agents/schema.js.map +1 -0
- package/dist/ai/agents/types.d.ts +102 -0
- package/dist/ai/agents/types.d.ts.map +1 -1
- package/dist/ai/agents-builtin/architecture/index.js +3 -3
- package/dist/ai/agents-builtin/content/index.js +1 -1
- package/dist/ai/agents-builtin/data/index.js +1 -1
- package/dist/ai/agents-builtin/development/index.js +4 -4
- package/dist/ai/agents-builtin/devops/index.js +1 -1
- package/dist/ai/agents-builtin/index.js +33 -33
- package/dist/ai/agents-builtin/performance/index.js +1 -1
- package/dist/ai/agents-builtin/research/index.js +1 -1
- package/dist/ai/agents-builtin/security/index.js +1 -1
- package/dist/ai/agents-builtin/testing/index.js +2 -2
- package/dist/ai/config/loader.d.ts.map +1 -1
- package/dist/ai/config/loader.js +6 -3
- package/dist/ai/config/loader.js.map +1 -1
- package/dist/ai/config/schema.d.ts +242 -1156
- package/dist/ai/config/schema.d.ts.map +1 -1
- package/dist/ai/config/schema.js +69 -20
- package/dist/ai/config/schema.js.map +1 -1
- package/dist/ai/core/provider-registry.d.ts +32 -0
- package/dist/ai/core/provider-registry.d.ts.map +1 -1
- package/dist/ai/core/provider-registry.js +189 -14
- package/dist/ai/core/provider-registry.js.map +1 -1
- package/dist/ai/core/telemetry-engine.d.ts +26 -0
- package/dist/ai/core/telemetry-engine.d.ts.map +1 -1
- package/dist/ai/core/telemetry-engine.js +81 -1
- package/dist/ai/core/telemetry-engine.js.map +1 -1
- package/dist/ai/delegation/agent-registry.d.ts +143 -0
- package/dist/ai/delegation/agent-registry.d.ts.map +1 -0
- package/dist/ai/delegation/agent-registry.js +231 -0
- package/dist/ai/delegation/agent-registry.js.map +1 -0
- package/dist/ai/delegation/blast-radius-tracker.d.ts +65 -0
- package/dist/ai/delegation/blast-radius-tracker.d.ts.map +1 -0
- package/dist/ai/delegation/blast-radius-tracker.js +81 -0
- package/dist/ai/delegation/blast-radius-tracker.js.map +1 -0
- package/dist/ai/delegation/capability-bootstrap.d.ts +40 -0
- package/dist/ai/delegation/capability-bootstrap.d.ts.map +1 -0
- package/dist/ai/delegation/capability-bootstrap.js +431 -0
- package/dist/ai/delegation/capability-bootstrap.js.map +1 -0
- package/dist/ai/delegation/capability-registry.d.ts +81 -0
- package/dist/ai/delegation/capability-registry.d.ts.map +1 -0
- package/dist/ai/delegation/capability-registry.js +339 -0
- package/dist/ai/delegation/capability-registry.js.map +1 -0
- package/dist/ai/delegation/chain-tracker.d.ts +152 -0
- package/dist/ai/delegation/chain-tracker.d.ts.map +1 -0
- package/dist/ai/delegation/chain-tracker.js +336 -0
- package/dist/ai/delegation/chain-tracker.js.map +1 -0
- package/dist/ai/delegation/circuit-breaker.d.ts +59 -0
- package/dist/ai/delegation/circuit-breaker.d.ts.map +1 -0
- package/dist/ai/delegation/circuit-breaker.js +153 -0
- package/dist/ai/delegation/circuit-breaker.js.map +1 -0
- package/dist/ai/delegation/contract-manager.d.ts +415 -0
- package/dist/ai/delegation/contract-manager.d.ts.map +1 -0
- package/dist/ai/delegation/contract-manager.js +1258 -0
- package/dist/ai/delegation/contract-manager.js.map +1 -0
- package/dist/ai/delegation/delegation-manager.d.ts +505 -0
- package/dist/ai/delegation/delegation-manager.d.ts.map +1 -0
- package/dist/ai/delegation/delegation-manager.js +773 -0
- package/dist/ai/delegation/delegation-manager.js.map +1 -0
- package/dist/ai/delegation/event-schemas.d.ts +101 -0
- package/dist/ai/delegation/event-schemas.d.ts.map +1 -0
- package/dist/ai/delegation/event-schemas.js +59 -0
- package/dist/ai/delegation/event-schemas.js.map +1 -0
- package/dist/ai/delegation/execution-mode-dashboard.d.ts +109 -0
- package/dist/ai/delegation/execution-mode-dashboard.d.ts.map +1 -0
- package/dist/ai/delegation/execution-mode-dashboard.js +167 -0
- package/dist/ai/delegation/execution-mode-dashboard.js.map +1 -0
- package/dist/ai/delegation/feature-flags.d.ts +191 -0
- package/dist/ai/delegation/feature-flags.d.ts.map +1 -0
- package/dist/ai/delegation/feature-flags.js +332 -0
- package/dist/ai/delegation/feature-flags.js.map +1 -0
- package/dist/ai/delegation/index.d.ts +51 -0
- package/dist/ai/delegation/index.d.ts.map +1 -0
- package/dist/ai/delegation/index.js +39 -0
- package/dist/ai/delegation/index.js.map +1 -0
- package/dist/ai/delegation/middleware/chain-depth-middleware.d.ts +39 -0
- package/dist/ai/delegation/middleware/chain-depth-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/chain-depth-middleware.js +77 -0
- package/dist/ai/delegation/middleware/chain-depth-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/chain-tracker-middleware.d.ts +46 -0
- package/dist/ai/delegation/middleware/chain-tracker-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/chain-tracker-middleware.js +89 -0
- package/dist/ai/delegation/middleware/chain-tracker-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/content-policy-middleware.d.ts +31 -0
- package/dist/ai/delegation/middleware/content-policy-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/content-policy-middleware.js +82 -0
- package/dist/ai/delegation/middleware/content-policy-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/feature-flag-middleware.d.ts +46 -0
- package/dist/ai/delegation/middleware/feature-flag-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/feature-flag-middleware.js +59 -0
- package/dist/ai/delegation/middleware/feature-flag-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/identity-middleware.d.ts +23 -0
- package/dist/ai/delegation/middleware/identity-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/identity-middleware.js +64 -0
- package/dist/ai/delegation/middleware/identity-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/permissions-middleware.d.ts +48 -0
- package/dist/ai/delegation/middleware/permissions-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/permissions-middleware.js +107 -0
- package/dist/ai/delegation/middleware/permissions-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/rate-limiter-middleware.d.ts +38 -0
- package/dist/ai/delegation/middleware/rate-limiter-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/rate-limiter-middleware.js +65 -0
- package/dist/ai/delegation/middleware/rate-limiter-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/reputation-middleware.d.ts +39 -0
- package/dist/ai/delegation/middleware/reputation-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/reputation-middleware.js +75 -0
- package/dist/ai/delegation/middleware/reputation-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/resource-limiter-middleware.d.ts +52 -0
- package/dist/ai/delegation/middleware/resource-limiter-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/resource-limiter-middleware.js +112 -0
- package/dist/ai/delegation/middleware/resource-limiter-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/threat-validator-middleware.d.ts +23 -0
- package/dist/ai/delegation/middleware/threat-validator-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/threat-validator-middleware.js +83 -0
- package/dist/ai/delegation/middleware/threat-validator-middleware.js.map +1 -0
- package/dist/ai/delegation/middleware/tlp-middleware.d.ts +23 -0
- package/dist/ai/delegation/middleware/tlp-middleware.d.ts.map +1 -0
- package/dist/ai/delegation/middleware/tlp-middleware.js +59 -0
- package/dist/ai/delegation/middleware/tlp-middleware.js.map +1 -0
- package/dist/ai/delegation/monitoring.d.ts +298 -0
- package/dist/ai/delegation/monitoring.d.ts.map +1 -0
- package/dist/ai/delegation/monitoring.js +584 -0
- package/dist/ai/delegation/monitoring.js.map +1 -0
- package/dist/ai/delegation/security-middleware-chain.d.ts +71 -0
- package/dist/ai/delegation/security-middleware-chain.d.ts.map +1 -0
- package/dist/ai/delegation/security-middleware-chain.js +163 -0
- package/dist/ai/delegation/security-middleware-chain.js.map +1 -0
- package/dist/ai/delegation/session-checkpoint.d.ts +77 -0
- package/dist/ai/delegation/session-checkpoint.d.ts.map +1 -0
- package/dist/ai/delegation/session-checkpoint.js +131 -0
- package/dist/ai/delegation/session-checkpoint.js.map +1 -0
- package/dist/ai/delegation/session-manager.d.ts +131 -0
- package/dist/ai/delegation/session-manager.d.ts.map +1 -0
- package/dist/ai/delegation/session-manager.js +243 -0
- package/dist/ai/delegation/session-manager.js.map +1 -0
- package/dist/ai/delegation/session-queue.d.ts +95 -0
- package/dist/ai/delegation/session-queue.d.ts.map +1 -0
- package/dist/ai/delegation/session-queue.js +136 -0
- package/dist/ai/delegation/session-queue.js.map +1 -0
- package/dist/ai/delegation/timeout-watchdog.d.ts +60 -0
- package/dist/ai/delegation/timeout-watchdog.d.ts.map +1 -0
- package/dist/ai/delegation/timeout-watchdog.js +100 -0
- package/dist/ai/delegation/timeout-watchdog.js.map +1 -0
- package/dist/ai/examples/integration-demo.d.ts +27 -0
- package/dist/ai/examples/integration-demo.d.ts.map +1 -0
- package/dist/ai/examples/integration-demo.js +536 -0
- package/dist/ai/examples/integration-demo.js.map +1 -0
- package/dist/ai/index.d.ts +27 -0
- package/dist/ai/index.d.ts.map +1 -1
- package/dist/ai/index.js +32 -10
- package/dist/ai/index.js.map +1 -1
- package/dist/ai/mcp/index.d.ts +14 -2
- package/dist/ai/mcp/index.d.ts.map +1 -1
- package/dist/ai/mcp/index.js +11 -1
- package/dist/ai/mcp/index.js.map +1 -1
- package/dist/ai/mcp/servers/analytics/index.d.ts +19 -0
- package/dist/ai/mcp/servers/analytics/index.d.ts.map +1 -0
- package/dist/ai/mcp/servers/analytics/index.js +612 -0
- package/dist/ai/mcp/servers/analytics/index.js.map +1 -0
- package/dist/ai/mcp/servers/content-manager/content-provider.d.ts +61 -0
- package/dist/ai/mcp/servers/content-manager/content-provider.d.ts.map +1 -0
- package/dist/ai/mcp/servers/content-manager/content-provider.js +8 -0
- package/dist/ai/mcp/servers/content-manager/content-provider.js.map +1 -0
- package/dist/ai/mcp/servers/content-manager/index.d.ts +19 -0
- package/dist/ai/mcp/servers/content-manager/index.d.ts.map +1 -0
- package/dist/ai/mcp/servers/content-manager/index.js +282 -0
- package/dist/ai/mcp/servers/content-manager/index.js.map +1 -0
- package/dist/ai/mcp/servers/delegation-monitor/index.d.ts +36 -0
- package/dist/ai/mcp/servers/delegation-monitor/index.d.ts.map +1 -0
- package/dist/ai/mcp/servers/delegation-monitor/index.js +757 -0
- package/dist/ai/mcp/servers/delegation-monitor/index.js.map +1 -0
- package/dist/ai/mcp/servers/design-tokens/index.d.ts +19 -0
- package/dist/ai/mcp/servers/design-tokens/index.d.ts.map +1 -0
- package/dist/ai/mcp/servers/design-tokens/index.js +445 -0
- package/dist/ai/mcp/servers/design-tokens/index.js.map +1 -0
- package/dist/ai/mcp/servers/design-tokens/token-provider.d.ts +59 -0
- package/dist/ai/mcp/servers/design-tokens/token-provider.d.ts.map +1 -0
- package/dist/ai/mcp/servers/design-tokens/token-provider.js +8 -0
- package/dist/ai/mcp/servers/design-tokens/token-provider.js.map +1 -0
- package/dist/ai/mcp/servers/promptintel/index.d.ts +19 -0
- package/dist/ai/mcp/servers/promptintel/index.d.ts.map +1 -0
- package/dist/ai/mcp/servers/promptintel/index.js +335 -0
- package/dist/ai/mcp/servers/promptintel/index.js.map +1 -0
- package/dist/ai/mcp/servers/shared/cache.d.ts +62 -0
- package/dist/ai/mcp/servers/shared/cache.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/cache.js +117 -0
- package/dist/ai/mcp/servers/shared/cache.js.map +1 -0
- package/dist/ai/mcp/servers/shared/promptintel-client.d.ts +53 -0
- package/dist/ai/mcp/servers/shared/promptintel-client.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/promptintel-client.js +185 -0
- package/dist/ai/mcp/servers/shared/promptintel-client.js.map +1 -0
- package/dist/ai/mcp/servers/shared/promptintel-types.d.ts +85 -0
- package/dist/ai/mcp/servers/shared/promptintel-types.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/promptintel-types.js +7 -0
- package/dist/ai/mcp/servers/shared/promptintel-types.js.map +1 -0
- package/dist/ai/mcp/servers/shared/rate-limiter.d.ts +54 -0
- package/dist/ai/mcp/servers/shared/rate-limiter.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/rate-limiter.js +124 -0
- package/dist/ai/mcp/servers/shared/rate-limiter.js.map +1 -0
- package/dist/ai/mcp/servers/shared/redis-client.d.ts +54 -0
- package/dist/ai/mcp/servers/shared/redis-client.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/redis-client.js +232 -0
- package/dist/ai/mcp/servers/shared/redis-client.js.map +1 -0
- package/dist/ai/mcp/servers/shared/types.d.ts +301 -0
- package/dist/ai/mcp/servers/shared/types.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/types.js +6 -0
- package/dist/ai/mcp/servers/shared/types.js.map +1 -0
- package/dist/ai/mcp/servers/shared/utils.d.ts +49 -0
- package/dist/ai/mcp/servers/shared/utils.d.ts.map +1 -0
- package/dist/ai/mcp/servers/shared/utils.js +233 -0
- package/dist/ai/mcp/servers/shared/utils.js.map +1 -0
- package/dist/ai/memory/config.d.ts +102 -0
- package/dist/ai/memory/config.d.ts.map +1 -0
- package/dist/ai/memory/config.js +200 -0
- package/dist/ai/memory/config.js.map +1 -0
- package/dist/ai/memory/dcyfr-memory.d.ts +67 -0
- package/dist/ai/memory/dcyfr-memory.d.ts.map +1 -0
- package/dist/ai/memory/dcyfr-memory.js +308 -0
- package/dist/ai/memory/dcyfr-memory.js.map +1 -0
- package/dist/ai/memory/index.d.ts +15 -0
- package/dist/ai/memory/index.d.ts.map +1 -0
- package/dist/ai/memory/index.js +15 -0
- package/dist/ai/memory/index.js.map +1 -0
- package/dist/ai/memory/mem0-client.d.ts +108 -0
- package/dist/ai/memory/mem0-client.d.ts.map +1 -0
- package/dist/ai/memory/mem0-client.js +205 -0
- package/dist/ai/memory/mem0-client.js.map +1 -0
- package/dist/ai/memory/types.d.ts +175 -0
- package/dist/ai/memory/types.d.ts.map +1 -0
- package/dist/ai/memory/types.js +10 -0
- package/dist/ai/memory/types.js.map +1 -0
- package/dist/ai/permissions/attenuation-engine.d.ts +159 -0
- package/dist/ai/permissions/attenuation-engine.d.ts.map +1 -0
- package/dist/ai/permissions/attenuation-engine.js +511 -0
- package/dist/ai/permissions/attenuation-engine.js.map +1 -0
- package/dist/ai/plugins/plugin-loader.d.ts +4 -0
- package/dist/ai/plugins/plugin-loader.d.ts.map +1 -1
- package/dist/ai/plugins/plugin-loader.js +28 -28
- package/dist/ai/plugins/plugin-loader.js.map +1 -1
- package/dist/ai/reputation/execution-mode-reputation.d.ts +104 -0
- package/dist/ai/reputation/execution-mode-reputation.d.ts.map +1 -0
- package/dist/ai/reputation/execution-mode-reputation.js +142 -0
- package/dist/ai/reputation/execution-mode-reputation.js.map +1 -0
- package/dist/ai/reputation/reputation-engine.d.ts +204 -0
- package/dist/ai/reputation/reputation-engine.d.ts.map +1 -0
- package/dist/ai/reputation/reputation-engine.js +426 -0
- package/dist/ai/reputation/reputation-engine.js.map +1 -0
- package/dist/ai/runtime/agent-runtime.d.ts +193 -0
- package/dist/ai/runtime/agent-runtime.d.ts.map +1 -0
- package/dist/ai/runtime/agent-runtime.js +1009 -0
- package/dist/ai/runtime/agent-runtime.js.map +1 -0
- package/dist/ai/runtime/index.d.ts +11 -0
- package/dist/ai/runtime/index.d.ts.map +1 -0
- package/dist/ai/runtime/index.js +9 -0
- package/dist/ai/runtime/index.js.map +1 -0
- package/dist/ai/runtime/telemetry-schema.d.ts +192 -0
- package/dist/ai/runtime/telemetry-schema.d.ts.map +1 -0
- package/dist/ai/runtime/telemetry-schema.js +200 -0
- package/dist/ai/runtime/telemetry-schema.js.map +1 -0
- package/dist/ai/runtime/types.d.ts +236 -0
- package/dist/ai/runtime/types.d.ts.map +1 -0
- package/dist/ai/runtime/types.js +10 -0
- package/dist/ai/runtime/types.js.map +1 -0
- package/dist/ai/src/batch-processor.d.ts +298 -0
- package/dist/ai/src/batch-processor.d.ts.map +1 -0
- package/dist/ai/src/batch-processor.js +520 -0
- package/dist/ai/src/batch-processor.js.map +1 -0
- package/dist/ai/src/capability-bootstrap.d.ts +222 -0
- package/dist/ai/src/capability-bootstrap.d.ts.map +1 -0
- package/dist/ai/src/capability-bootstrap.js +421 -0
- package/dist/ai/src/capability-bootstrap.js.map +1 -0
- package/dist/ai/src/capability-manifest-generator.d.ts +52 -0
- package/dist/ai/src/capability-manifest-generator.d.ts.map +1 -0
- package/dist/ai/src/capability-manifest-generator.js +691 -0
- package/dist/ai/src/capability-manifest-generator.js.map +1 -0
- package/dist/ai/src/capability-registry.d.ts +157 -0
- package/dist/ai/src/capability-registry.d.ts.map +1 -0
- package/dist/ai/src/capability-registry.js +577 -0
- package/dist/ai/src/capability-registry.js.map +1 -0
- package/dist/ai/src/cli/telemetry-dashboard.d.ts +132 -0
- package/dist/ai/src/cli/telemetry-dashboard.d.ts.map +1 -0
- package/dist/ai/src/cli/telemetry-dashboard.js +565 -0
- package/dist/ai/src/cli/telemetry-dashboard.js.map +1 -0
- package/dist/ai/src/delegation/feature-flags.d.ts +213 -0
- package/dist/ai/src/delegation/feature-flags.d.ts.map +1 -0
- package/dist/ai/src/delegation/feature-flags.js +395 -0
- package/dist/ai/src/delegation/feature-flags.js.map +1 -0
- package/dist/ai/src/delegation/liability-firebreak.d.ts +303 -0
- package/dist/ai/src/delegation/liability-firebreak.d.ts.map +1 -0
- package/dist/ai/src/delegation/liability-firebreak.js +643 -0
- package/dist/ai/src/delegation/liability-firebreak.js.map +1 -0
- package/dist/ai/src/delegation/security-threat-model.d.ts +171 -0
- package/dist/ai/src/delegation/security-threat-model.d.ts.map +1 -0
- package/dist/ai/src/delegation/security-threat-model.js +723 -0
- package/dist/ai/src/delegation/security-threat-model.js.map +1 -0
- package/dist/ai/src/delegation/tlp-enforcement.d.ts +146 -0
- package/dist/ai/src/delegation/tlp-enforcement.d.ts.map +1 -0
- package/dist/ai/src/delegation/tlp-enforcement.js +382 -0
- package/dist/ai/src/delegation/tlp-enforcement.js.map +1 -0
- package/dist/ai/src/delegation-capability-integration.d.ts +154 -0
- package/dist/ai/src/delegation-capability-integration.d.ts.map +1 -0
- package/dist/ai/src/delegation-capability-integration.js +351 -0
- package/dist/ai/src/delegation-capability-integration.js.map +1 -0
- package/dist/ai/src/end-to-end-workflow-orchestrator.d.ts +325 -0
- package/dist/ai/src/end-to-end-workflow-orchestrator.d.ts.map +1 -0
- package/dist/ai/src/end-to-end-workflow-orchestrator.js +801 -0
- package/dist/ai/src/end-to-end-workflow-orchestrator.js.map +1 -0
- package/dist/ai/src/enhanced-capability-detection.d.ts +237 -0
- package/dist/ai/src/enhanced-capability-detection.d.ts.map +1 -0
- package/dist/ai/src/enhanced-capability-detection.js +448 -0
- package/dist/ai/src/enhanced-capability-detection.js.map +1 -0
- package/dist/ai/src/intelligent-cache-manager.d.ts +327 -0
- package/dist/ai/src/intelligent-cache-manager.d.ts.map +1 -0
- package/dist/ai/src/intelligent-cache-manager.js +634 -0
- package/dist/ai/src/intelligent-cache-manager.js.map +1 -0
- package/dist/ai/src/mcp-auto-configuration.d.ts +232 -0
- package/dist/ai/src/mcp-auto-configuration.d.ts.map +1 -0
- package/dist/ai/src/mcp-auto-configuration.js +445 -0
- package/dist/ai/src/mcp-auto-configuration.js.map +1 -0
- package/dist/ai/src/performance-profiler.d.ts +351 -0
- package/dist/ai/src/performance-profiler.d.ts.map +1 -0
- package/dist/ai/src/performance-profiler.js +475 -0
- package/dist/ai/src/performance-profiler.js.map +1 -0
- package/dist/ai/src/personas/hooks/before-llm-call.d.ts +96 -0
- package/dist/ai/src/personas/hooks/before-llm-call.d.ts.map +1 -0
- package/dist/ai/src/personas/hooks/before-llm-call.js +83 -0
- package/dist/ai/src/personas/hooks/before-llm-call.js.map +1 -0
- package/dist/ai/src/personas/index.d.ts +10 -0
- package/dist/ai/src/personas/index.d.ts.map +1 -0
- package/dist/ai/src/personas/index.js +10 -0
- package/dist/ai/src/personas/index.js.map +1 -0
- package/dist/ai/src/personas/persona-loader.d.ts +42 -0
- package/dist/ai/src/personas/persona-loader.d.ts.map +1 -0
- package/dist/ai/src/personas/persona-loader.js +162 -0
- package/dist/ai/src/personas/persona-loader.js.map +1 -0
- package/dist/ai/src/personas/types.d.ts +199 -0
- package/dist/ai/src/personas/types.d.ts.map +1 -0
- package/dist/ai/src/personas/types.js +7 -0
- package/dist/ai/src/personas/types.js.map +1 -0
- package/dist/ai/src/personas/voice-resolver.d.ts +40 -0
- package/dist/ai/src/personas/voice-resolver.d.ts.map +1 -0
- package/dist/ai/src/personas/voice-resolver.js +201 -0
- package/dist/ai/src/personas/voice-resolver.js.map +1 -0
- package/dist/ai/src/resource-monitor.d.ts +311 -0
- package/dist/ai/src/resource-monitor.d.ts.map +1 -0
- package/dist/ai/src/resource-monitor.js +475 -0
- package/dist/ai/src/resource-monitor.js.map +1 -0
- package/dist/ai/src/runtime/agent-runtime.d.ts +340 -0
- package/dist/ai/src/runtime/agent-runtime.d.ts.map +1 -0
- package/dist/ai/src/runtime/agent-runtime.js +1084 -0
- package/dist/ai/src/runtime/agent-runtime.js.map +1 -0
- package/dist/ai/src/telemetry/delegation-telemetry.d.ts +287 -0
- package/dist/ai/src/telemetry/delegation-telemetry.d.ts.map +1 -0
- package/dist/ai/src/telemetry/delegation-telemetry.js +389 -0
- package/dist/ai/src/telemetry/delegation-telemetry.js.map +1 -0
- package/dist/ai/src/telemetry/index.d.ts +48 -0
- package/dist/ai/src/telemetry/index.d.ts.map +1 -0
- package/dist/ai/src/telemetry/index.js +48 -0
- package/dist/ai/src/telemetry/index.js.map +1 -0
- package/dist/ai/src/telemetry/runtime-telemetry-integration.d.ts +67 -0
- package/dist/ai/src/telemetry/runtime-telemetry-integration.d.ts.map +1 -0
- package/dist/ai/src/telemetry/runtime-telemetry-integration.js +415 -0
- package/dist/ai/src/telemetry/runtime-telemetry-integration.js.map +1 -0
- package/dist/ai/src/telemetry/telemetry-utils.d.ts +119 -0
- package/dist/ai/src/telemetry/telemetry-utils.d.ts.map +1 -0
- package/dist/ai/src/telemetry/telemetry-utils.js +250 -0
- package/dist/ai/src/telemetry/telemetry-utils.js.map +1 -0
- package/dist/ai/src/types/agent-capabilities.d.ts +227 -0
- package/dist/ai/src/types/agent-capabilities.d.ts.map +1 -0
- package/dist/ai/src/types/agent-capabilities.js +11 -0
- package/dist/ai/src/types/agent-capabilities.js.map +1 -0
- package/dist/ai/src/types/context-verification.d.ts +158 -0
- package/dist/ai/src/types/context-verification.d.ts.map +1 -0
- package/dist/ai/src/types/context-verification.js +73 -0
- package/dist/ai/src/types/context-verification.js.map +1 -0
- package/dist/ai/src/types/delegation-contracts.d.ts +296 -0
- package/dist/ai/src/types/delegation-contracts.d.ts.map +1 -0
- package/dist/ai/src/types/delegation-contracts.js +17 -0
- package/dist/ai/src/types/delegation-contracts.js.map +1 -0
- package/dist/ai/src/validation-pipeline-integration.d.ts +266 -0
- package/dist/ai/src/validation-pipeline-integration.d.ts.map +1 -0
- package/dist/ai/src/validation-pipeline-integration.js +695 -0
- package/dist/ai/src/validation-pipeline-integration.js.map +1 -0
- package/dist/ai/src/verification/multi-modal-formatters.d.ts +57 -0
- package/dist/ai/src/verification/multi-modal-formatters.d.ts.map +1 -0
- package/dist/ai/src/verification/multi-modal-formatters.js +655 -0
- package/dist/ai/src/verification/multi-modal-formatters.js.map +1 -0
- package/dist/ai/src/verification/output-formatter.d.ts +186 -0
- package/dist/ai/src/verification/output-formatter.d.ts.map +1 -0
- package/dist/ai/src/verification/output-formatter.js +296 -0
- package/dist/ai/src/verification/output-formatter.js.map +1 -0
- package/dist/ai/src/verification/parser-integration.d.ts +137 -0
- package/dist/ai/src/verification/parser-integration.d.ts.map +1 -0
- package/dist/ai/src/verification/parser-integration.js +273 -0
- package/dist/ai/src/verification/parser-integration.js.map +1 -0
- package/dist/ai/types/agent-capabilities.d.ts +387 -0
- package/dist/ai/types/agent-capabilities.d.ts.map +1 -0
- package/dist/ai/types/agent-capabilities.js +32 -0
- package/dist/ai/types/agent-capabilities.js.map +1 -0
- package/dist/ai/types/delegation-contracts.d.ts +291 -0
- package/dist/ai/types/delegation-contracts.d.ts.map +1 -0
- package/dist/ai/types/delegation-contracts.js +14 -0
- package/dist/ai/types/delegation-contracts.js.map +1 -0
- package/dist/ai/types/index.d.ts +4 -1
- package/dist/ai/types/index.d.ts.map +1 -1
- package/dist/ai/types/index.js +4 -1
- package/dist/ai/types/index.js.map +1 -1
- package/dist/ai/types/permission-tokens.d.ts +365 -0
- package/dist/ai/types/permission-tokens.d.ts.map +1 -0
- package/dist/ai/types/permission-tokens.js +13 -0
- package/dist/ai/types/permission-tokens.js.map +1 -0
- package/dist/ai/types/security-middleware.d.ts +130 -0
- package/dist/ai/types/security-middleware.d.ts.map +1 -0
- package/dist/ai/types/security-middleware.js +13 -0
- package/dist/ai/types/security-middleware.js.map +1 -0
- package/dist/ai/utils/storage.d.ts.map +1 -1
- package/dist/ai/utils/storage.js +6 -3
- package/dist/ai/utils/storage.js.map +1 -1
- package/dist/ai/validation/validation-framework.js +1 -1
- package/dist/ai/verification/policy-framework.d.ts +161 -0
- package/dist/ai/verification/policy-framework.d.ts.map +1 -0
- package/dist/ai/verification/policy-framework.js +436 -0
- package/dist/ai/verification/policy-framework.js.map +1 -0
- package/package.json +56 -6
|
@@ -0,0 +1,643 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Liability Firebreak Enforcement for DCYFR Delegation Framework
|
|
3
|
+
* TLP:AMBER - Internal Use Only
|
|
4
|
+
*
|
|
5
|
+
* Implements accountability boundaries in delegation chains to prevent
|
|
6
|
+
* unlimited delegation and ensure clear liability assignment. Includes
|
|
7
|
+
* manual override capabilities and escalation procedures.
|
|
8
|
+
*
|
|
9
|
+
* Key accountability mechanisms:
|
|
10
|
+
* - Delegation chain depth limits with liability boundaries
|
|
11
|
+
* - Responsibility tracking through chain hierarchy
|
|
12
|
+
* - Manual override and emergency escalation procedures
|
|
13
|
+
* - Liability assignment and audit trail maintenance
|
|
14
|
+
*
|
|
15
|
+
* @module delegation/liability-firebreak
|
|
16
|
+
* @version 1.0.0
|
|
17
|
+
* @date 2026-02-14
|
|
18
|
+
*/
|
|
19
|
+
/**
|
|
20
|
+
* Liability Firebreak Enforcement Engine
|
|
21
|
+
*/
|
|
22
|
+
export class LiabilityFirebreakEnforcer {
|
|
23
|
+
config;
|
|
24
|
+
overrideRequests;
|
|
25
|
+
chainAccountability;
|
|
26
|
+
stats;
|
|
27
|
+
constructor(config = {}) {
|
|
28
|
+
this.config = {
|
|
29
|
+
depth_thresholds: {
|
|
30
|
+
supervisor: config.depth_thresholds?.supervisor || 3,
|
|
31
|
+
manager: config.depth_thresholds?.manager || 5,
|
|
32
|
+
executive: config.depth_thresholds?.executive || 7,
|
|
33
|
+
},
|
|
34
|
+
liability_thresholds: {
|
|
35
|
+
high_value_limit: config.liability_thresholds?.high_value_limit || 100000,
|
|
36
|
+
critical_system_approval: config.liability_thresholds?.critical_system_approval ?? true,
|
|
37
|
+
external_delegation_approval: config.liability_thresholds?.external_delegation_approval ?? true,
|
|
38
|
+
},
|
|
39
|
+
emergency_procedures: {
|
|
40
|
+
max_emergency_depth: config.emergency_procedures?.max_emergency_depth || 10,
|
|
41
|
+
emergency_contacts: config.emergency_procedures?.emergency_contacts || [
|
|
42
|
+
{ authority: 'supervisor', contact_id: 'supervisor@dcyfr.ai', response_time_sla_minutes: 30 },
|
|
43
|
+
{ authority: 'manager', contact_id: 'manager@dcyfr.ai', response_time_sla_minutes: 60 },
|
|
44
|
+
{ authority: 'executive', contact_id: 'executive@dcyfr.ai', response_time_sla_minutes: 120 },
|
|
45
|
+
],
|
|
46
|
+
},
|
|
47
|
+
};
|
|
48
|
+
this.overrideRequests = new Map();
|
|
49
|
+
this.chainAccountability = new Map();
|
|
50
|
+
// Initialize statistics
|
|
51
|
+
this.stats = {
|
|
52
|
+
total_validations: 0,
|
|
53
|
+
firebreaks_passed: 0,
|
|
54
|
+
firebreaks_blocked: 0,
|
|
55
|
+
block_reasons: {},
|
|
56
|
+
liability_distribution: {
|
|
57
|
+
full: 0,
|
|
58
|
+
shared: 0,
|
|
59
|
+
limited: 0,
|
|
60
|
+
none: 0,
|
|
61
|
+
},
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Enforce liability firebreaks for delegation
|
|
66
|
+
*/
|
|
67
|
+
enforceFirebreaks(primaryAgent, secondaryAgent, context) {
|
|
68
|
+
// Use default values for missing context properties
|
|
69
|
+
// Empty array means single delegation (1 hop)
|
|
70
|
+
const hasChainAgents = context.chain_agents && context.chain_agents.length > 0;
|
|
71
|
+
const defaultChainAgents = hasChainAgents
|
|
72
|
+
? context.chain_agents
|
|
73
|
+
: []; // Empty means single delegation
|
|
74
|
+
const validationContext = {
|
|
75
|
+
delegation_depth: Math.max(context.delegation_depth || 1, 1),
|
|
76
|
+
estimated_value: Math.max(context.estimated_value || 0, 0),
|
|
77
|
+
involves_critical_systems: context.involves_critical_systems || false,
|
|
78
|
+
is_external_delegation: context.is_external_delegation || false,
|
|
79
|
+
chain_agents: defaultChainAgents,
|
|
80
|
+
};
|
|
81
|
+
this.stats.total_validations++;
|
|
82
|
+
const blockingFirebreaks = [];
|
|
83
|
+
let requiredAuthority = 'agent';
|
|
84
|
+
let liabilityLevel = this.assignLiabilityLevel(validationContext);
|
|
85
|
+
// Check depth firebreaks
|
|
86
|
+
const depthCheck = this.checkDepthLimits(validationContext.delegation_depth);
|
|
87
|
+
if (!depthCheck.allowed) {
|
|
88
|
+
blockingFirebreaks.push('delegation_depth_exceeded');
|
|
89
|
+
requiredAuthority = this.getAuthorityForDepth(validationContext.delegation_depth);
|
|
90
|
+
}
|
|
91
|
+
// Check value firebreaks
|
|
92
|
+
if (validationContext.estimated_value > this.config.liability_thresholds.high_value_limit) {
|
|
93
|
+
blockingFirebreaks.push('high_value_delegation');
|
|
94
|
+
requiredAuthority = this.escalateAuthority(requiredAuthority, 'manager');
|
|
95
|
+
liabilityLevel = 'full';
|
|
96
|
+
}
|
|
97
|
+
// Check critical system firebreaks
|
|
98
|
+
if (validationContext.involves_critical_systems && this.config.liability_thresholds.critical_system_approval) {
|
|
99
|
+
blockingFirebreaks.push('critical_system_delegation');
|
|
100
|
+
requiredAuthority = this.escalateAuthority(requiredAuthority, 'manager');
|
|
101
|
+
liabilityLevel = 'full';
|
|
102
|
+
}
|
|
103
|
+
// Check external delegation firebreaks
|
|
104
|
+
if (validationContext.is_external_delegation && this.config.liability_thresholds.external_delegation_approval) {
|
|
105
|
+
blockingFirebreaks.push('external_delegation');
|
|
106
|
+
requiredAuthority = this.escalateAuthority(requiredAuthority, 'executive');
|
|
107
|
+
liabilityLevel = 'full';
|
|
108
|
+
}
|
|
109
|
+
const firebreaksPassed = blockingFirebreaks.length === 0;
|
|
110
|
+
if (!firebreaksPassed) {
|
|
111
|
+
this.stats.firebreaks_blocked++;
|
|
112
|
+
this.stats.block_reasons = this.stats.block_reasons || {};
|
|
113
|
+
blockingFirebreaks.forEach(reason => {
|
|
114
|
+
this.stats.block_reasons[reason] = (this.stats.block_reasons[reason] || 0) + 1;
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
else {
|
|
118
|
+
this.stats.firebreaks_passed++;
|
|
119
|
+
}
|
|
120
|
+
// Update liability distribution
|
|
121
|
+
this.stats.liability_distribution = this.stats.liability_distribution || {};
|
|
122
|
+
this.stats.liability_distribution[liabilityLevel] = (this.stats.liability_distribution[liabilityLevel] || 0) + 1;
|
|
123
|
+
const result = {
|
|
124
|
+
firebreaks_passed: firebreaksPassed,
|
|
125
|
+
blocking_firebreaks: blockingFirebreaks,
|
|
126
|
+
liability_level: liabilityLevel,
|
|
127
|
+
chain_length: validationContext.chain_agents.length || 1, // Default to 1 for empty
|
|
128
|
+
manual_override_available: !firebreaksPassed,
|
|
129
|
+
required_authority: requiredAuthority,
|
|
130
|
+
validation_timestamp: new Date().toISOString(),
|
|
131
|
+
};
|
|
132
|
+
console.log(`🔥 Firebreak enforcement: ${firebreaksPassed ? 'PASS' : 'BLOCK'} - ${primaryAgent} -> ${secondaryAgent} (Depth: ${validationContext.delegation_depth}, Liability: ${liabilityLevel})`);
|
|
133
|
+
return result;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Assign liability level based on delegation context
|
|
137
|
+
*/
|
|
138
|
+
assignLiabilityLevel(context) {
|
|
139
|
+
// Simple liability assignment based on delegation characteristics
|
|
140
|
+
if (context.delegation_depth <= 1 && context.estimated_value < 100) {
|
|
141
|
+
return 'none';
|
|
142
|
+
}
|
|
143
|
+
if (context.involves_critical_systems || context.estimated_value > 50000) {
|
|
144
|
+
return 'full';
|
|
145
|
+
}
|
|
146
|
+
if (context.delegation_depth > 3 && context.estimated_value > 500) {
|
|
147
|
+
return 'shared';
|
|
148
|
+
}
|
|
149
|
+
return 'limited';
|
|
150
|
+
}
|
|
151
|
+
/**
|
|
152
|
+
* Check depth limits
|
|
153
|
+
*/
|
|
154
|
+
checkDepthLimits(depth) {
|
|
155
|
+
// Block if depth EXCEEDS supervisor threshold (not equal to)
|
|
156
|
+
const requiresApproval = depth > this.config.depth_thresholds.supervisor;
|
|
157
|
+
return { allowed: !requiresApproval };
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Get required authority for given depth
|
|
161
|
+
*/
|
|
162
|
+
getAuthorityForDepth(depth) {
|
|
163
|
+
// Depths beyond executive threshold require emergency authority
|
|
164
|
+
if (depth > this.config.depth_thresholds.executive)
|
|
165
|
+
return 'emergency';
|
|
166
|
+
if (depth > this.config.depth_thresholds.manager)
|
|
167
|
+
return 'manager';
|
|
168
|
+
if (depth > this.config.depth_thresholds.supervisor)
|
|
169
|
+
return 'supervisor';
|
|
170
|
+
// At or below supervisor threshold requires agent only
|
|
171
|
+
return 'agent';
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Escalate authority level
|
|
175
|
+
*/
|
|
176
|
+
escalateAuthority(current, required) {
|
|
177
|
+
const levels = ['agent', 'supervisor', 'manager', 'executive', 'emergency'];
|
|
178
|
+
const currentIndex = levels.indexOf(current);
|
|
179
|
+
const requiredIndex = levels.indexOf(required);
|
|
180
|
+
return levels[Math.max(currentIndex, requiredIndex)];
|
|
181
|
+
}
|
|
182
|
+
/**
|
|
183
|
+
* Process emergency escalation
|
|
184
|
+
*/
|
|
185
|
+
async processEmergencyEscalation(escalationData) {
|
|
186
|
+
const escalation_id = `escalation_${Date.now()}_${Math.random().toString(36).substring(7)}`;
|
|
187
|
+
// Find appropriate emergency contact
|
|
188
|
+
const emergencyContact = this.config.emergency_procedures.emergency_contacts
|
|
189
|
+
.find(contact => contact.authority === 'supervisor') ||
|
|
190
|
+
this.config.emergency_procedures.emergency_contacts[0];
|
|
191
|
+
const result = {
|
|
192
|
+
escalation_id,
|
|
193
|
+
status: 'escalated',
|
|
194
|
+
agent_id: escalationData.agent_id,
|
|
195
|
+
emergency_level: escalationData.emergency_level,
|
|
196
|
+
emergency_contact_notified: true,
|
|
197
|
+
emergency_contact: emergencyContact?.contact_id || 'emergency@dcyfr.ai',
|
|
198
|
+
bypass_granted: false, // Manual approval required
|
|
199
|
+
approval_required: true,
|
|
200
|
+
escalation_timestamp: new Date().toISOString(),
|
|
201
|
+
};
|
|
202
|
+
return result;
|
|
203
|
+
}
|
|
204
|
+
/**
|
|
205
|
+
* Get pending override requests
|
|
206
|
+
*/
|
|
207
|
+
/**
|
|
208
|
+
* Calculate chain accountability and tracking
|
|
209
|
+
*/
|
|
210
|
+
calculateChainAccountability(contract) {
|
|
211
|
+
const chain_id = contract.contract_id; // Simplified - no parent contract tracking
|
|
212
|
+
let depth = 1;
|
|
213
|
+
const boundaries_hit = [];
|
|
214
|
+
// Calculate depth from chain history
|
|
215
|
+
if (contract.metadata?.delegation_depth) {
|
|
216
|
+
depth = contract.metadata.delegation_depth;
|
|
217
|
+
}
|
|
218
|
+
// Get existing chain accountability
|
|
219
|
+
const existing_chain = this.chainAccountability.get(chain_id) || [];
|
|
220
|
+
// Check boundaries
|
|
221
|
+
if (depth >= this.config.depth_thresholds.supervisor) {
|
|
222
|
+
boundaries_hit.push('supervisor_review_required');
|
|
223
|
+
}
|
|
224
|
+
if (depth >= this.config.depth_thresholds.manager) {
|
|
225
|
+
boundaries_hit.push('manager_approval_required');
|
|
226
|
+
}
|
|
227
|
+
if (depth >= this.config.depth_thresholds.executive) {
|
|
228
|
+
boundaries_hit.push('executive_authorization_required');
|
|
229
|
+
}
|
|
230
|
+
// Build liability distribution
|
|
231
|
+
const liability_distribution = existing_chain.map(entry => ({
|
|
232
|
+
agent_id: entry.agent_id,
|
|
233
|
+
liability_level: entry.liability_level,
|
|
234
|
+
scope: this.getScopeForAgent(entry.agent_id, contract),
|
|
235
|
+
}));
|
|
236
|
+
// Add current delegation
|
|
237
|
+
liability_distribution.push({
|
|
238
|
+
agent_id: contract.delegatee_agent_id,
|
|
239
|
+
liability_level: 'shared', // Simplified for old method compatibility
|
|
240
|
+
scope: contract.permission_token?.scopes || ['unknown'],
|
|
241
|
+
});
|
|
242
|
+
return {
|
|
243
|
+
depth,
|
|
244
|
+
max_depth: this.config.emergency_procedures.max_emergency_depth,
|
|
245
|
+
liability_distribution,
|
|
246
|
+
boundaries_hit,
|
|
247
|
+
};
|
|
248
|
+
}
|
|
249
|
+
/**
|
|
250
|
+
* Check depth-based firebreaks
|
|
251
|
+
*/
|
|
252
|
+
checkDepthFirebreaks(depth) {
|
|
253
|
+
if (depth > this.config.emergency_procedures.max_emergency_depth) {
|
|
254
|
+
return {
|
|
255
|
+
allowed: false,
|
|
256
|
+
action: 'terminate_chain',
|
|
257
|
+
reason: `Delegation chain exceeds maximum emergency depth (${this.config.emergency_procedures.max_emergency_depth})`,
|
|
258
|
+
};
|
|
259
|
+
}
|
|
260
|
+
if (depth >= this.config.depth_thresholds.executive) {
|
|
261
|
+
return {
|
|
262
|
+
allowed: false,
|
|
263
|
+
action: 'escalate',
|
|
264
|
+
reason: 'Delegation chain requires executive authorization',
|
|
265
|
+
required_authority: 'executive',
|
|
266
|
+
};
|
|
267
|
+
}
|
|
268
|
+
if (depth >= this.config.depth_thresholds.manager) {
|
|
269
|
+
return {
|
|
270
|
+
allowed: false,
|
|
271
|
+
action: 'require_approval',
|
|
272
|
+
reason: 'Delegation chain requires manager approval',
|
|
273
|
+
required_authority: 'manager',
|
|
274
|
+
};
|
|
275
|
+
}
|
|
276
|
+
if (depth >= this.config.depth_thresholds.supervisor) {
|
|
277
|
+
return {
|
|
278
|
+
allowed: false,
|
|
279
|
+
action: 'require_approval',
|
|
280
|
+
reason: 'Delegation chain requires supervisor review',
|
|
281
|
+
required_authority: 'supervisor',
|
|
282
|
+
};
|
|
283
|
+
}
|
|
284
|
+
return { allowed: true, action: 'allow', reason: 'Depth within acceptable limits' };
|
|
285
|
+
}
|
|
286
|
+
/**
|
|
287
|
+
* Check liability-based firebreaks
|
|
288
|
+
*/
|
|
289
|
+
checkLiabilityFirebreaks(contract) {
|
|
290
|
+
let required_authority;
|
|
291
|
+
let action = 'allow';
|
|
292
|
+
let reason = 'Liability checks passed';
|
|
293
|
+
let liability_level = 'limited';
|
|
294
|
+
// Check for high-value operations
|
|
295
|
+
if (contract.metadata && typeof contract.metadata?.estimated_value === 'number' &&
|
|
296
|
+
contract.metadata.estimated_value > this.config.liability_thresholds.high_value_limit) {
|
|
297
|
+
required_authority = 'manager';
|
|
298
|
+
action = 'require_approval';
|
|
299
|
+
reason = `High-value operation (${contract.metadata.estimated_value}) requires manager approval`;
|
|
300
|
+
liability_level = 'full';
|
|
301
|
+
}
|
|
302
|
+
// Check for critical system access
|
|
303
|
+
if (this.config.liability_thresholds.critical_system_approval && contract.permission_token?.scopes?.some(scope => scope.includes('production') || scope.includes('critical') || scope.includes('system'))) {
|
|
304
|
+
required_authority = required_authority === 'manager' ? 'manager' : 'supervisor';
|
|
305
|
+
action = 'require_approval';
|
|
306
|
+
reason = 'Critical system access requires approval';
|
|
307
|
+
liability_level = 'full';
|
|
308
|
+
}
|
|
309
|
+
// Check for external delegation
|
|
310
|
+
if (this.config.liability_thresholds.external_delegation_approval &&
|
|
311
|
+
(contract.delegatee_agent_id.includes('external') ||
|
|
312
|
+
contract.delegatee_agent_id.includes('third-party'))) {
|
|
313
|
+
required_authority = 'manager';
|
|
314
|
+
action = 'escalate';
|
|
315
|
+
reason = 'External delegation requires manager escalation';
|
|
316
|
+
liability_level = 'shared';
|
|
317
|
+
}
|
|
318
|
+
return {
|
|
319
|
+
allowed: !required_authority,
|
|
320
|
+
action,
|
|
321
|
+
reason,
|
|
322
|
+
required_authority,
|
|
323
|
+
liability_level,
|
|
324
|
+
};
|
|
325
|
+
}
|
|
326
|
+
/**
|
|
327
|
+
* Check for active manual overrides
|
|
328
|
+
*/
|
|
329
|
+
checkActiveOverrides(contract_id) {
|
|
330
|
+
for (const [_, override] of this.overrideRequests) {
|
|
331
|
+
if (override.contract_id === contract_id &&
|
|
332
|
+
override.status === 'approved' &&
|
|
333
|
+
override.expires_at &&
|
|
334
|
+
new Date(override.expires_at) > new Date()) {
|
|
335
|
+
return override;
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
return null;
|
|
339
|
+
}
|
|
340
|
+
/**
|
|
341
|
+
* Get scope for agent in contract context
|
|
342
|
+
*/
|
|
343
|
+
getScopeForAgent(agent_id, contract) {
|
|
344
|
+
// For now, return contract scopes - in production this would query agent capabilities
|
|
345
|
+
return contract.permission_token?.scopes || ['read'];
|
|
346
|
+
}
|
|
347
|
+
/**
|
|
348
|
+
* Build escalation path for required authority
|
|
349
|
+
*/
|
|
350
|
+
buildEscalationPath(required_authority) {
|
|
351
|
+
if (!required_authority)
|
|
352
|
+
return [];
|
|
353
|
+
const path = [];
|
|
354
|
+
const contacts = this.config.emergency_procedures.emergency_contacts;
|
|
355
|
+
switch (required_authority) {
|
|
356
|
+
case 'supervisor':
|
|
357
|
+
path.push({
|
|
358
|
+
level: 'supervisor',
|
|
359
|
+
contact_method: contacts.find(c => c.authority === 'supervisor')?.contact_id,
|
|
360
|
+
});
|
|
361
|
+
break;
|
|
362
|
+
case 'manager':
|
|
363
|
+
path.push({ level: 'supervisor', contact_method: contacts.find(c => c.authority === 'supervisor')?.contact_id }, { level: 'manager', contact_method: contacts.find(c => c.authority === 'manager')?.contact_id });
|
|
364
|
+
break;
|
|
365
|
+
case 'executive':
|
|
366
|
+
path.push({ level: 'supervisor', contact_method: contacts.find(c => c.authority === 'supervisor')?.contact_id }, { level: 'manager', contact_method: contacts.find(c => c.authority === 'manager')?.contact_id }, { level: 'executive', contact_method: contacts.find(c => c.authority === 'executive')?.contact_id });
|
|
367
|
+
break;
|
|
368
|
+
}
|
|
369
|
+
return path;
|
|
370
|
+
}
|
|
371
|
+
/**
|
|
372
|
+
* Request manual override for blocked delegation
|
|
373
|
+
*/
|
|
374
|
+
/** Normalize positional or object-based requestOverride params into a canonical shape */
|
|
375
|
+
normalizeOverrideParams(contractIdOrRequest, requesting_agent_id, authority, justification, business_impact, urgency) {
|
|
376
|
+
if (typeof contractIdOrRequest === 'object') {
|
|
377
|
+
const req = contractIdOrRequest;
|
|
378
|
+
return {
|
|
379
|
+
reqAgent: req.requesting_agent || req.requesting_agent_id || 'unknown',
|
|
380
|
+
reqAuthority: req.authority_level || req.authority || 'agent',
|
|
381
|
+
reqJustification: req.justification || req.reason || '',
|
|
382
|
+
reqReason: req.reason,
|
|
383
|
+
reqContext: req.context,
|
|
384
|
+
reqExpiresAt: req.expires_at,
|
|
385
|
+
reqBusinessImpact: req.business_impact,
|
|
386
|
+
reqUrgency: req.urgency,
|
|
387
|
+
reqContractId: req.contract_id,
|
|
388
|
+
reqTargetAgent: req.target_agent,
|
|
389
|
+
};
|
|
390
|
+
}
|
|
391
|
+
return {
|
|
392
|
+
reqAgent: requesting_agent_id || 'unknown',
|
|
393
|
+
reqAuthority: authority || 'agent',
|
|
394
|
+
reqJustification: justification || '',
|
|
395
|
+
reqBusinessImpact: business_impact,
|
|
396
|
+
reqUrgency: urgency,
|
|
397
|
+
reqContractId: contractIdOrRequest,
|
|
398
|
+
};
|
|
399
|
+
}
|
|
400
|
+
/** Determine required override authority based on delegation context */
|
|
401
|
+
determineRequiredAuthority(context) {
|
|
402
|
+
let required = 'agent';
|
|
403
|
+
if (!context)
|
|
404
|
+
return required;
|
|
405
|
+
if (context.is_external_delegation)
|
|
406
|
+
required = this.escalateAuthority(required, 'executive');
|
|
407
|
+
if (context.involves_critical_systems)
|
|
408
|
+
required = this.escalateAuthority(required, 'manager');
|
|
409
|
+
if (context.estimated_value > this.config.liability_thresholds.high_value_limit)
|
|
410
|
+
required = this.escalateAuthority(required, 'manager');
|
|
411
|
+
if (context.delegation_depth > this.config.depth_thresholds.executive)
|
|
412
|
+
required = this.escalateAuthority(required, 'emergency');
|
|
413
|
+
else if (context.delegation_depth > this.config.depth_thresholds.manager)
|
|
414
|
+
required = this.escalateAuthority(required, 'manager');
|
|
415
|
+
else if (context.delegation_depth > this.config.depth_thresholds.supervisor)
|
|
416
|
+
required = this.escalateAuthority(required, 'supervisor');
|
|
417
|
+
return required;
|
|
418
|
+
}
|
|
419
|
+
async requestOverride(contractIdOrRequest, requesting_agent_id, authority, justification, business_impact, urgency) {
|
|
420
|
+
const override_id = `override_${Date.now()}_${Math.random().toString(36).substring(7)}`;
|
|
421
|
+
const { reqAgent, reqAuthority, reqJustification, reqReason, reqContext, reqExpiresAt: initExpiresAt, reqBusinessImpact, reqUrgency, reqContractId, reqTargetAgent } = this.normalizeOverrideParams(contractIdOrRequest, requesting_agent_id, authority, justification, business_impact, urgency);
|
|
422
|
+
let reqExpiresAt = initExpiresAt;
|
|
423
|
+
const requiredAuthority = this.determineRequiredAuthority(reqContext);
|
|
424
|
+
// Check if requesting authority is sufficient
|
|
425
|
+
const authority_levels = ['agent', 'supervisor', 'manager', 'executive', 'emergency'];
|
|
426
|
+
const requestedLevel = authority_levels.indexOf(reqAuthority);
|
|
427
|
+
const requiredLevel = authority_levels.indexOf(requiredAuthority);
|
|
428
|
+
if (requiredLevel > requestedLevel) {
|
|
429
|
+
// Insufficient authority - reject
|
|
430
|
+
const rejected = {
|
|
431
|
+
override_id,
|
|
432
|
+
authority: reqAuthority,
|
|
433
|
+
authority_level: reqAuthority,
|
|
434
|
+
requesting_agent_id: reqAgent,
|
|
435
|
+
requesting_agent: reqAgent,
|
|
436
|
+
target_agent: reqTargetAgent,
|
|
437
|
+
contract_id: reqContractId,
|
|
438
|
+
justification: reqJustification,
|
|
439
|
+
reason: reqReason,
|
|
440
|
+
context: reqContext,
|
|
441
|
+
business_impact: reqBusinessImpact,
|
|
442
|
+
urgency: reqUrgency,
|
|
443
|
+
status: 'rejected',
|
|
444
|
+
expires_at: reqExpiresAt,
|
|
445
|
+
created_at: new Date().toISOString(),
|
|
446
|
+
rejection_reason: `Insufficient authority level: ${reqAuthority}. Required: ${requiredAuthority}`,
|
|
447
|
+
required_approvals: [requiredAuthority],
|
|
448
|
+
auto_approved: false,
|
|
449
|
+
};
|
|
450
|
+
this.overrideRequests.set(override_id, rejected);
|
|
451
|
+
return rejected;
|
|
452
|
+
}
|
|
453
|
+
// Calculate expiry if not provided
|
|
454
|
+
if (!reqExpiresAt) {
|
|
455
|
+
const expiresDate = new Date();
|
|
456
|
+
switch (reqUrgency) {
|
|
457
|
+
case 'emergency':
|
|
458
|
+
expiresDate.setHours(expiresDate.getHours() + 1);
|
|
459
|
+
break;
|
|
460
|
+
case 'urgent':
|
|
461
|
+
expiresDate.setHours(expiresDate.getHours() + 4);
|
|
462
|
+
break;
|
|
463
|
+
default:
|
|
464
|
+
expiresDate.setHours(expiresDate.getHours() + 24);
|
|
465
|
+
}
|
|
466
|
+
reqExpiresAt = expiresDate.toISOString();
|
|
467
|
+
}
|
|
468
|
+
const override = {
|
|
469
|
+
override_id,
|
|
470
|
+
authority: reqAuthority,
|
|
471
|
+
authority_level: reqAuthority,
|
|
472
|
+
requesting_agent_id: reqAgent,
|
|
473
|
+
requesting_agent: reqAgent,
|
|
474
|
+
target_agent: reqTargetAgent,
|
|
475
|
+
contract_id: reqContractId,
|
|
476
|
+
justification: reqJustification,
|
|
477
|
+
reason: reqReason,
|
|
478
|
+
context: reqContext,
|
|
479
|
+
business_impact: reqBusinessImpact,
|
|
480
|
+
urgency: reqUrgency,
|
|
481
|
+
status: 'pending',
|
|
482
|
+
expires_at: reqExpiresAt,
|
|
483
|
+
created_at: new Date().toISOString(),
|
|
484
|
+
required_approvals: requiredAuthority !== 'agent' ? [requiredAuthority] : undefined,
|
|
485
|
+
auto_approved: false,
|
|
486
|
+
};
|
|
487
|
+
this.overrideRequests.set(override_id, override);
|
|
488
|
+
// Emit override request event for monitoring
|
|
489
|
+
console.log(`🔥 Firebreak Override Requested: ${override_id} (${reqAuthority}) - ${reqJustification}`);
|
|
490
|
+
return override;
|
|
491
|
+
}
|
|
492
|
+
/**
|
|
493
|
+
* Approve manual override
|
|
494
|
+
*/
|
|
495
|
+
async approveOverride(override_id, approving_authority, approver_clearance) {
|
|
496
|
+
const override = this.overrideRequests.get(override_id);
|
|
497
|
+
if (!override) {
|
|
498
|
+
throw new Error(`Override request not found: ${override_id}`);
|
|
499
|
+
}
|
|
500
|
+
if (override.status !== 'pending') {
|
|
501
|
+
throw new Error(`Override request ${override_id} is not pending (current status: ${override.status})`);
|
|
502
|
+
}
|
|
503
|
+
if (!override.expires_at || new Date(override.expires_at) <= new Date()) {
|
|
504
|
+
override.status = 'expired';
|
|
505
|
+
this.overrideRequests.set(override_id, override);
|
|
506
|
+
throw new Error(`Override request ${override_id} has expired`);
|
|
507
|
+
}
|
|
508
|
+
// Check if approver has sufficient authority
|
|
509
|
+
const authority_levels = ['agent', 'supervisor', 'manager', 'executive', 'emergency'];
|
|
510
|
+
const required_level = authority_levels.indexOf(override.authority || 'agent');
|
|
511
|
+
const approver_level = authority_levels.indexOf(approver_clearance);
|
|
512
|
+
if (approver_level < required_level) {
|
|
513
|
+
throw new Error(`Insufficient authority: ${approver_clearance} cannot approve ${override.authority} level override`);
|
|
514
|
+
}
|
|
515
|
+
// Approve the override
|
|
516
|
+
override.status = 'approved';
|
|
517
|
+
override.approved_by = approving_authority;
|
|
518
|
+
override.approved_at = new Date().toISOString();
|
|
519
|
+
this.overrideRequests.set(override_id, override);
|
|
520
|
+
console.log(`✅ Firebreak Override Approved: ${override_id} by ${approving_authority}`);
|
|
521
|
+
return override;
|
|
522
|
+
}
|
|
523
|
+
/**
|
|
524
|
+
* Emergency escalation bypass (highest authority override)
|
|
525
|
+
*/
|
|
526
|
+
async emergencyEscalation(contract_id, emergency_contact, justification) {
|
|
527
|
+
const override = await this.requestOverride(contract_id, emergency_contact, 'emergency', `EMERGENCY ESCALATION: ${justification}`, 'critical', 'emergency');
|
|
528
|
+
// Security hardening: emergency escalations are no longer auto-approved.
|
|
529
|
+
// Explicit human/operator approval must call approveOverride() separately.
|
|
530
|
+
return override;
|
|
531
|
+
}
|
|
532
|
+
/**
|
|
533
|
+
* Get liability firebreak statistics
|
|
534
|
+
*/
|
|
535
|
+
getFirebreakStatistics() {
|
|
536
|
+
// This would be implemented with proper metrics tracking in production
|
|
537
|
+
return {
|
|
538
|
+
total_evaluations: 0,
|
|
539
|
+
blocked_delegations: 0,
|
|
540
|
+
escalations_required: 0,
|
|
541
|
+
overrides_requested: this.overrideRequests.size,
|
|
542
|
+
overrides_approved: Array.from(this.overrideRequests.values()).filter(o => o.status === 'approved').length,
|
|
543
|
+
chain_depth_violations: 0,
|
|
544
|
+
liability_threshold_violations: 0,
|
|
545
|
+
};
|
|
546
|
+
}
|
|
547
|
+
/**
|
|
548
|
+
* Get pending override requests
|
|
549
|
+
*/
|
|
550
|
+
getPendingOverrides() {
|
|
551
|
+
return Array.from(this.overrideRequests.values())
|
|
552
|
+
.filter(override => override.status === 'pending')
|
|
553
|
+
.sort((a, b) => {
|
|
554
|
+
// Sort by urgency and business impact
|
|
555
|
+
const urgencyOrder = { emergency: 3, urgent: 2, routine: 1 };
|
|
556
|
+
const impactOrder = { critical: 4, high: 3, medium: 2, low: 1 };
|
|
557
|
+
const aScore = (urgencyOrder[a.urgency || 'routine'] ?? 0) * 10 + (impactOrder[a.business_impact || 'low'] ?? 0);
|
|
558
|
+
const bScore = (urgencyOrder[b.urgency || 'routine'] ?? 0) * 10 + (impactOrder[b.business_impact || 'low'] ?? 0);
|
|
559
|
+
return bScore - aScore; // Descending order (highest priority first)
|
|
560
|
+
});
|
|
561
|
+
}
|
|
562
|
+
/**
|
|
563
|
+
* Update chain accountability tracking
|
|
564
|
+
*/
|
|
565
|
+
updateChainAccountability(chain_id, agent_id, liability_level, depth) {
|
|
566
|
+
const existing = this.chainAccountability.get(chain_id) || [];
|
|
567
|
+
existing.push({ agent_id, liability_level, depth });
|
|
568
|
+
this.chainAccountability.set(chain_id, existing);
|
|
569
|
+
}
|
|
570
|
+
/**
|
|
571
|
+
* Clean up expired override requests
|
|
572
|
+
*/
|
|
573
|
+
cleanupExpiredOverrides() {
|
|
574
|
+
let cleaned = 0;
|
|
575
|
+
const now = new Date();
|
|
576
|
+
for (const [override_id, override] of this.overrideRequests) {
|
|
577
|
+
if (override.expires_at && new Date(override.expires_at) <= now && override.status === 'pending') {
|
|
578
|
+
override.status = 'expired';
|
|
579
|
+
this.overrideRequests.set(override_id, override);
|
|
580
|
+
cleaned++;
|
|
581
|
+
}
|
|
582
|
+
}
|
|
583
|
+
return cleaned;
|
|
584
|
+
}
|
|
585
|
+
/**
|
|
586
|
+
* Evaluate a contract for firebreak requirements
|
|
587
|
+
* Wrapper method for test compatibility - converts contract to context and calls enforceFirebreaks
|
|
588
|
+
*/
|
|
589
|
+
evaluateContract(contract) {
|
|
590
|
+
// Extract delegation context from contract
|
|
591
|
+
const isSensitive = contract.metadata?.operation_type === 'destructive' ||
|
|
592
|
+
contract.metadata?.environment === 'production' ||
|
|
593
|
+
contract.priority >= 8;
|
|
594
|
+
const context = {
|
|
595
|
+
delegation_depth: 1, // Default depth
|
|
596
|
+
estimated_value: isSensitive ? 100000 : (contract.metadata?.estimated_value || 0),
|
|
597
|
+
involves_critical_systems: isSensitive || contract.metadata?.involves_critical_systems || false,
|
|
598
|
+
is_external_delegation: contract.metadata?.is_external_delegation || false,
|
|
599
|
+
chain_agents: [
|
|
600
|
+
contract.delegator?.agent_id || contract.delegator_agent_id,
|
|
601
|
+
contract.delegatee?.agent_id || contract.delegatee_agent_id,
|
|
602
|
+
],
|
|
603
|
+
};
|
|
604
|
+
const result = this.enforceFirebreaks(contract.delegator?.agent_id || contract.delegator_agent_id, contract.delegatee?.agent_id || contract.delegatee_agent_id, context);
|
|
605
|
+
// Determine risk level
|
|
606
|
+
const riskLevel = isSensitive ? 'high' :
|
|
607
|
+
contract.priority >= 5 ? 'medium' : 'low';
|
|
608
|
+
return {
|
|
609
|
+
requires_firebreak: !result.firebreaks_passed,
|
|
610
|
+
risk_level: riskLevel,
|
|
611
|
+
firebreak_conditions: result.blocking_firebreaks.length > 0 ? result.blocking_firebreaks : undefined,
|
|
612
|
+
reason: result.blocking_firebreaks.length > 0
|
|
613
|
+
? `Firebreak required: ${result.blocking_firebreaks.join(', ')}`
|
|
614
|
+
: undefined,
|
|
615
|
+
};
|
|
616
|
+
}
|
|
617
|
+
/**
|
|
618
|
+
* Get firebreak enforcement statistics
|
|
619
|
+
*/
|
|
620
|
+
getStats() {
|
|
621
|
+
// Calculate override request summary
|
|
622
|
+
const overrideValues = Array.from(this.overrideRequests.values());
|
|
623
|
+
const override_requests_summary = {
|
|
624
|
+
total: overrideValues.length,
|
|
625
|
+
pending: overrideValues.filter(o => o.status === 'pending').length,
|
|
626
|
+
approved: overrideValues.filter(o => o.status === 'approved').length,
|
|
627
|
+
rejected: overrideValues.filter(o => o.status === 'denied' || o.status === 'rejected').length,
|
|
628
|
+
expired: overrideValues.filter(o => o.status === 'expired').length,
|
|
629
|
+
};
|
|
630
|
+
return {
|
|
631
|
+
...this.stats,
|
|
632
|
+
total_validations: this.stats.total_validations,
|
|
633
|
+
firebreaks_passed: this.stats.firebreaks_passed,
|
|
634
|
+
firebreaks_blocked: this.stats.firebreaks_blocked,
|
|
635
|
+
block_reasons: this.stats.block_reasons,
|
|
636
|
+
block_reason_distribution: this.stats.block_reasons,
|
|
637
|
+
liability_distribution: this.stats.liability_distribution,
|
|
638
|
+
pending_overrides: this.overrideRequests.size,
|
|
639
|
+
override_requests_summary,
|
|
640
|
+
};
|
|
641
|
+
}
|
|
642
|
+
}
|
|
643
|
+
//# sourceMappingURL=liability-firebreak.js.map
|